Tianyi Jing
Sep 18, 2024, 3:22:17 AM
to hust-os-ker...@googlegroups.com, dz...@hust.edu.cn, Tianyi Jing, syzbot+c13de7...@syzkaller.appspotmail.com
Syzbot reports that mon->self may be NULL in tipc_mon_reinit_self, leading to
a null pointer dereference.
Fixed by adding a check for mon's self.
Fixes: 46cb01eeeb86 ("tipc: update mon's self addr when node addr generated")
Reported-by: syzbot+c13de7...@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/00000000000088...@google.com/
Signed-off-by: Tianyi Jing <jing...@hust.edu.cn>
---
net/tipc/monitor.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/tipc/monitor.c b/net/tipc/monitor.c
index e2f19627e43d..c32ba706cfed 100644
--- a/net/tipc/monitor.c
+++ b/net/tipc/monitor.c
@@ -713,7 +713,7 @@ void tipc_mon_reinit_self(struct net *net)
for (bearer_id = 0; bearer_id < MAX_BEARERS; bearer_id++) {
mon = tipc_monitor(net, bearer_id);
- if (!mon)
+ if (!mon || !mon->self)
continue;
write_lock_bh(&mon->lock);
mon->self->addr = tipc_own_addr(net);
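Review bot: the new `!mon->self` test in the `if` sits before `write_lock_bh(&mon->lock)`, while the dereference `mon->self->addr` it guards runs under that lock, so the check and the use are not covered by the same critical section. If `mon->self` can change concurrently, test it after taking the lock (and unlock before `continue`); if it cannot, the commit message should say which path leaves `mon` reachable through `tipc_monitor()` with a NULL `self` and why an unlocked read is enough. It is also worth stating whether silently skipping such a monitor is correct, since its self address is then never updated in this loop.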
--
2.34.1